How to Enforce Minimum TLS Versions in Android & iOS Apps

 

Learn the 3 Easy Steps to Enforce SSL/TLS Versions in Android & iOS Apps to ensure that the TLS version used by the app is current and has not been downgraded by hackers.

What is TLS Version Enforcement and How is it Used to Protect Mobile Apps? 

The TLS/SSL protocol has been around for a long time, and as such, it supports a wide range of cryptographic algorithms for establishing a secure communication channel and communicating over it.

Every secure connection begins with a “handshake” during which several parameters of the communication are decided. One of these is the version of the protocol:

  • SSL 3.0 (released in 1996)
  • TLS 1.0
  • TLS 1.1
  • TLS 1.2 (released in 2008)
  • TLS 1.3 (released in August 2018, not yet fully adopted)

Old versions of the protocol carry known vulnerabilities. Attacks like POODLE and BEAST rely on exploiting weaknesses of older implementations of TLS. In addition, it is not uncommon for attackers to intentionally impersonate servers or weaken their parameters in order to downgrade the security/encryption of a TLS session so that they can attack it more easily.

A very effective countermeasure against this class of attacks is to only use a current version or the latest version of TLS.

Implementing and especially maintaining such measures is a difficult task. Sometimes the source code is not available, and more often the services are on uncontrolled endpoints.

Appdome is a no-code mobile app security platform designed to add security features, like Enforce TLS Versions, to Android and iOS apps without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily protect mobile data in transit.

3 Easy Steps to Enforce TLS Versions, Android & iOS Apps

Follow these step-by-step instructions to Enforce Minimum TLS Versions in mobile apps:

  1. Upload an Android or iOS App to Appdome’s no code security platform (.apk, .aab, or .ipa)
  2. Under Build, click Security, then Secure Communications, switch ON Trusted Session, expand Session Management, and switch ON Enforce TLS Version
    • (optional) Enable Threat Events to configure this security alert on your app.
  3. Click Build My App

Congratulations! Your app is now secured with Enforce TLS Version.

Prerequisites for using Enforce TLS Version

  • Appdome account. If you don’t already have an account, you can sign up for free.
  • Mobile App (.ipa for iOS, or .apk or .aab for Android)
  • Signing Credentials (e.g., signing certificates and provisioning profile)

How To Learn More?

You can read about all the properties and features of various TLS versions in Wikipedia.

If you are interested in limiting other aspects of TLS, you should check out how you can Enforce Communications’ Cipher Suites.

This feature is just one of many offered in the course of Trusted Session Inspection.

To zoom out on this topic, visit Appdome for Mobile App Security on our website.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Dany Zatuchna
